database logo graphic

RFC 6211

"Cryptographic Message Syntax (CMS) Algorithm Identifier Protection Attribute", April 2011

Canonical URL:
http://www.rfc-editor.org/rfc/rfc6211.txt
This document is also available in this non-normative format: PDF.
Status:
PROPOSED STANDARD
Author:
J. Schaad
Stream:
IETF
Source:
NON WORKING GROUP

Cite this RFC: TXT  |  XML

Other actions: Find Errata (if any)  |  Submit Errata  |  Find IPR Disclosures from the IETF


Abstract

The Cryptographic Message Syntax (CMS), unlike X.509/PKIX certificates, is vulnerable to algorithm substitution attacks. In an algorithm substitution attack, the attacker changes either the algorithm being used or the parameters of the algorithm in order to change the result of a signature verification process. In X.509 certificates, the signature algorithm is protected because it is duplicated in the TBSCertificate.signature field with the proviso that the validator is to compare both fields as part of the signature validation process. This document defines a new attribute that contains a copy of the relevant algorithm identifiers so that they are protected by the signature or authentication process. [STANDARDS-TRACK]


For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 4844.


Go to the RFC Editor Homepage.